CVE-2024-45598

6.0 MEDIUM

📋 TL;DR

This vulnerability in Cacti allows administrators to read arbitrary local files on the server by manipulating the Poller Standard Error Log Path parameter and accessing the Logs tab. The issue affects Cacti installations prior to version 1.2.29 where administrators have access to configuration settings.

💻 Affected Systems

Products:
  • Cacti
Versions: All versions prior to 1.2.29
Operating Systems: All platforms running Cacti
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrator access to modify configuration settings. The vulnerability exists in the default installation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Administrator reads sensitive system files (e.g., /etc/passwd, SSH keys, database credentials), leading to privilege escalation or lateral movement within the environment.

🟠 Likely Case: Administrator reads application configuration files containing database credentials or other sensitive information stored on the local filesystem.

🟢 If Mitigated: Limited to reading files accessible to the web server user account, with no ability to modify files or execute commands.

🌐 Internet-Facing: MEDIUM - Requires administrator credentials but exposes internal file contents if exploited.
🏢 Internal Only: MEDIUM - Same impact as internet-facing, but attack surface is limited to internal networks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator credentials. The attack involves simple configuration changes and UI navigation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.29

Vendor Advisory: https://github.com/Cacti/cacti/security/advisories/GHSA-pv2c-97pp-vxwg

Restart Required: No

Instructions:

1. Back up your Cacti database and configuration.
2. Download Cacti 1.2.29 from the official repository.
3. Replace the existing Cacti files with the new version.
4. Run the database upgrade if prompted.
5. Verify functionality.

🔧 Temporary Workarounds

Restrict Administrator Access (all platforms)

Limit administrator accounts to trusted personnel only and implement strong authentication controls.

File System Permissions (linux)

Restrict the web server user's access to sensitive files and directories using file ownership and mode bits, or filesystem ACLs where finer control is needed. Apply this only to files the application does not need: Cacti's own configuration (for example include/config.php) must stay readable by the web server user.

chmod 600 /path/to/sensitive/files
chown root:root /path/to/sensitive/files

🧯 If You Can't Patch

  • Implement strict access controls for administrator accounts and monitor administrator activities.
  • Apply filesystem permissions to restrict web server user access to sensitive files and directories.

🔍 How to Verify

Check if Vulnerable:

Check Cacti version via web interface or by examining the Cacti installation directory for version files.

Check Version:

grep 'version' /path/to/cacti/include/global.php | grep -o '[0-9]\+\.[0-9]\+\.[0-9]\+'

Verify Fix Applied:

Verify Cacti version is 1.2.29 or later and test that changing Poller Standard Error Log Path no longer allows arbitrary file reading.
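The version check above, carried through as an added example (not code from the advisory or from the Cacti project): it extracts the first x.y.z string from a file in the way the grep command does, compares it component by component against 1.2.29 so that 1.2.9 is correctly treated as older than 1.2.29, and reports a verdict. The sample global.php content is constructed here, and the exact line format of the real file is an assumption.

```shell
#!/bin/sh
# Added example (not from the advisory or the Cacti project): decide whether a
# Cacti version string is below the fixed release 1.2.29.
# Assumption: include/global.php carries the version as the first x.y.z string,
# e.g. $config['cacti_version'] = '1.2.28'; (the exact line format is assumed).

FIXED_VERSION="1.2.29"

# Print the first dotted x.y.z version string found on stdin.
extract_version() {
  grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Exit 0 when version $1 is strictly lower than version $2, comparing the
# major, minor and patch numbers as integers (so 1.2.9 < 1.2.29).
version_lt() {
  set -- $(printf '%s %s' "$1" "$2" | tr '.' ' ')
  if [ "$1" -ne "$4" ]; then [ "$1" -lt "$4" ]; return $?; fi
  if [ "$2" -ne "$5" ]; then [ "$2" -lt "$5" ]; return $?; fi
  [ "$3" -lt "$6" ]
}

# Print VULNERABLE or PATCHED for a version string.
assess_version() {
  if version_lt "$1" "$FIXED_VERSION"; then
    echo "VULNERABLE"
  else
    echo "PATCHED"
  fi
}

# Print "<version> <verdict>" for a global.php file given as $1.
assess_global_php() {
  v=$(extract_version < "$1")
  if [ -z "$v" ]; then
    echo "unknown NO_VERSION_FOUND"
    return 1
  fi
  echo "$v $(assess_version "$v")"
}

# Constructed sample global.php for a stand-alone run.
SAMPLE_GLOBAL_PHP=$(mktemp)
cat > "$SAMPLE_GLOBAL_PHP" <<'EOF'
<?php
/* constructed sample, not a real Cacti file */
$config['cacti_version'] = '1.2.28';
EOF

assess_global_php "$SAMPLE_GLOBAL_PHP"   # prints: 1.2.28 VULNERABLE
```

Point assess_global_php at the real include/global.php of an installation to get the same verdict; a plain string comparison would misorder 1.2.9 and 1.2.29, which is why the integer comparison is used.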

📡 Detection & Monitoring

Log Indicators:

  • Unusual administrator logins
  • Changes to Poller Standard Error Log Path configuration
  • Access to non-standard log files

Network Indicators:

  • HTTP requests to Logs tab with unusual file parameters

SIEM Query:

source="cacti.log" AND ("Poller Standard Error Log Path" OR "log_file_path")
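The log indicators above ("Changes to Poller Standard Error Log Path configuration" and "Access to non-standard log files") can be turned into a concrete check. The following is an added example, not code from the advisory or the Cacti project: it reads a log, picks out every change to the setting, and raises an alert when the new value lies outside an operator-chosen log directory or contains a parent-directory component. The log line format and the sample lines are constructed for this example; ALLOWED_LOG_DIR is an assumption to adjust per installation.

```shell
#!/bin/sh
# Added example (not from the advisory or the Cacti project): scan a log for
# changes to the Poller Standard Error Log Path and raise an alert when the new
# value points outside the directory where poller logs are expected to live.
# Assumptions: the log line format below is constructed for this example, and
# ALLOWED_LOG_DIR is the operator's chosen log directory.

ALLOWED_LOG_DIR="/var/log/cacti"
SETTING_NAME="Poller Standard Error Log Path"

# Exit 0 when path $1 stays inside ALLOWED_LOG_DIR and contains no
# parent-directory traversal component.
path_allowed() {
  case "$1" in
    *..*) return 1 ;;                 # traversal such as /var/log/cacti/../../etc/passwd
    "$ALLOWED_LOG_DIR"/*) return 0 ;; # e.g. /var/log/cacti/poller-error.log
    *) return 1 ;;
  esac
}

# Read a log file ($1) and print one ALERT or OK line per change of the setting.
audit_log_path_changes() {
  grep "$SETTING_NAME" "$1" | while IFS= read -r line; do
    # Pull the quoted path from: ... changed 'Poller Standard Error Log Path' to '<path>'
    new_path=$(printf '%s\n' "$line" | sed -n "s/.*changed '$SETTING_NAME' to '\([^']*\)'.*/\1/p")
    [ -z "$new_path" ] && continue
    if path_allowed "$new_path"; then
      echo "OK    $new_path"
    else
      echo "ALERT $new_path"
    fi
  done
}

# Constructed sample log lines for a stand-alone run (format is assumed).
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
2024-09-10 10:01:02 - SETTINGS: User admin changed 'Poller Standard Error Log Path' to '/var/log/cacti/poller-error.log'
2024-09-10 10:03:15 - POLLER: constructed unrelated poller message
2024-09-10 10:05:44 - SETTINGS: User admin changed 'Poller Standard Error Log Path' to '/etc/passwd'
2024-09-10 10:07:09 - SETTINGS: User admin changed 'Poller Standard Error Log Path' to '/var/log/cacti/../../etc/passwd'
EOF

audit_log_path_changes "$SAMPLE_LOG"
```

The allowlist is deliberately a directory prefix plus a traversal check rather than a denylist of sensitive files: any value that does not resolve inside the expected log directory is worth a look, whatever file it names.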
